CVE-2025-62025: 
WordPress vulnerability analysis and mitigation

A Deserialization of Untrusted Data vulnerability was identified in the eyecix JobSearch WordPress plugin (wp-jobsearch) and assigned CVE-2025-62025. The vulnerability affects versions prior to 3.0.8 and was disclosed on October 22, 2025. This security issue was initially reported through Patchstack's vulnerability disclosure program (NVD, Wordfence).

The vulnerability has been classified as CWE-502 (Deserialization of Untrusted Data). According to the CVSS 3.1 scoring system, it received a Critical severity rating with a base score of 9.8, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

Based on the CVSS score and vector string, successful exploitation of this vulnerability could lead to complete compromise of the affected system's confidentiality, integrity, and availability. The critical severity rating suggests potential for significant impact on systems running vulnerable versions of the JobSearch WordPress plugin (NVD).

Users are advised to update the JobSearch WordPress plugin to version 3.0.8 or later to address this vulnerability. This version contains the necessary security fixes to prevent exploitation of the deserialization vulnerability (Wordfence).